Risk Management relevant to Supply chain management, logistics, vendor management

1. Risk Management
Recent Development in Logistics
~Nishikant Rajeshirke

2. What is Risk
 RISK means the possibilities of meeting changes or of suffering
harm or loss.
OR
 RISK is a phenomena or event that when occurred causes
destruction
 RISK MANAGEMENT is the art of reducing the possibilities of a
risk and managing those risks in such a way that their impacts
can be reduced

3. Need of Risk Management
 Enterprises relying on others firms for their success. Historically,
enterprises have spent less than a third of their budgets on
purchased goods and services, having relied on internal sources
for these.
 Today, many enterprises spend most of their budget on
purchased goods and services. This is in large part because of the
advantages enterprises have found in strategies such as
globalization, outsourcing, supply-base rationalization, just-in-time
deliveries, and lean inventories.
 While globalization, extended supply chains, and supplier
consolidation offer many benefits in efficiency and effectiveness,
they can also make supply chains more brittle and can increase
risks of supply-chain disruption.
 For eg. March 2011 Tohoku earthquake and subsequent tsunami
in Japan showed how one event can disrupt many elements of
global supply chains, including supply, distribution, and
communications

4. Risk Management process
 Identifying internal and external environments
 Risk identification and assessment
 Risk treatment
 Continual monitoring and review of risks and their
treatment.

5. Risk Management process
Identifying Internal and External
environment
Risk Assessment
Risk Identification
Risk Analysis
Risk Evaluation
Risk Treatment

6. Supply chain management Risk
 “supply-chain risk” as the likelihood and
consequence of events at any point in the end-to-
end supply chain, from sources of raw
materials to end use of customers.
 “supply-chain risk management” as the
coordination of activities to direct and control
an enterprise’s end-to-end supply chain with
regard to supply-chain risks.

7. Potential Risks to an Organization and Supply Chain
External, End-to-End Risks:
• Natural disasters • Labor unavailability
• Accidents • Market challenges
• Sabotage, terrorism, crime, war • Lawsuits
• Political uncertainty • Technological trends
Supplier risks:
• Physical and regulatory risks • Management risks
• Production problems • Upstream supply risks
• Financial losses and premiums

8. Potential Risks to an Organization and Supply Chain
Distribution Risks:
• Infrastructure unavailability • Warehouse inadequacies
• Lack of capacity • IT system inadequacies or failure
• Labor unavailability • Long, multi-party supply pipelines
• Cargo damage or theft
Internal Enterprise Risks:
• Operational • Financial uncertainty
• Political uncertainty • Facility unavailability
• Demand variability • Testing unavailability
• Personnel availability • Enterprise underperformance
• Design uncertainty • Supplier relationship management
• Planning failures

9. Identifying Internal and External
Environments
Risks exist at discrete levels and entities within an
organization
Manufacturing risks exist at manufacturing sites.
Supplier risks exist at supplier sites (including those of
sub-tier suppliers).
Distribution risks exist at suppliers and in upstream and
downstream transportation and logistics systems.
Legislative, compliance, intellectual property, and
regulatory risks exist at the country or regional level for
multinational enterprises.
Finally, strategic risks exist at the business-unit or
corporate level.

10. External environment Risks (Natural)
-Risks to Transportation and Security

11. Risk Identification
 Two type of Risks:
1. Retrospective risks:
Retrospective risks are those that have previously occurred, such as
incidents or accidents.
It’s easier to believe something if it has happened before. It is also easier
to quantify its impact and to see the damage it has caused.
Q. How to identify retrospective risk?
 Hazard or incident logs or registers
 Audit reports
 Customer complaints
 Accreditation documents and reports
 Past staff or client surveys
 Newspapers or professional media, such as journals or websites.

12. Risk Identification
 Two type of Risks:
2. Prospective risks:
Prospective risks are often harder to identify. These are things that have
not yet happened, but might happen some time in the future.
Identification should include all risks, whether or not they are currently
being managed. The rationale here is to record all significant risks and
monitor or review the effectiveness of their control.
Q. How to identify
 Brainstorming with staff or external stakeholders
 Researching the economic, political, legislative and operating environment
 Conducting interviews with relevant people and/or organizations
 Undertaking surveys of staff or clients to identify anticipated issues or
problems
 Flow charting a process
 Reviewing system design or preparing system analysis techniques.

13. Risk Analysis & Evaluation
 Risk analysis process is to estimate the likelihood and consequence of
risks facing a firm and accordingly prioritize them for ultimate
treatment.
2x2 Impact/Probability Matrix:
Impact
Probability
Low High
Low High
This step is about
deciding whether risks
are acceptable or
need treatment.

14. Risk Acceptance
A risk may be accepted for the following reasons:
The cost of treatment far exceeds the benefit, so that acceptance is the
only option (applies particularly to lower ranked risks)
The level of the risk is so low that specific treatment is not appropriate
with available resources
The opportunities presented outweigh the threats to such a degree
that the risks justified
The risk is such that there is no treatment available, for example the
risk that the business may suffer storm damage.
Ignoring risk doesn’t make the risk go away!

15. Risk treatment strategy
 Avoidance – Changing a project objective to eliminate the threat posed
by an adverse risk event.
 Transference – Shifting the negative impact of a threat, along with the
ownership of the response, to a third party.
 Mitigation – Reducing the Probability or Impact of an adverse risk event
(threat) to an acceptable threshold.
 Acceptance – The project team decides not to change project
objectives to deal with the risk.
 Passive acceptance: no action, deal with threats as they occur
(workarounds)
 Active acceptance: establish a contingency reserve to handle risks

16. Risk treatment strategy
 Exploit – This strategy seeks to eliminate the uncertainty with an
opportunity by changing a project objective to ensure it happens.
 Share – Allocating ownership of the positive risk event to a third party
who is best able to capture the opportunity for the project.
 Enhance – Increasing the probability and/or positive impact of an
opportunity.
 Contingency – Not a risk response, but an output from risk planning.
Developed for actively accepted project risks. This is typically defined
as time or funds.

17. Continual Monitoring of Risks and Treatment
After identifying and treating risks,
Firm should implement a monitoring program, evaluating plans,
procedures, and capabilities through periodic review, testing, post-incident
reports, and other exercises.
It should check conformity and effectiveness of the program, establish,
implement, and maintain procedures for monitoring and taking corrective
action as necessary.
Testing and Adjusting the Plan if is requires in order to reduce
cost/threat
Areas of Continual Adjustment: If the risk is more obvious and will
remain with process due government or their regulatory environment

18. Conclusion
 Effective supply-chain risk management (SCRM) is essential to a successful
business. As globalization increases, so too do the critical
interdependencies and complexities between suppliers, logistics
providers, and a successful enterprise. A breakdown in any part of the
supply chain connecting these entities can potentially lead to
consequences.
 While no risk management program can fully predict, mitigate, or prevent
all risks or consequences, companies that proactively implement a supply-chain
risk-management program will be more resilient and prepared for
the day when a "risk" becomes "real."

19. Questions ???